Endpoint Protection

I currently have a structure of 1 Group, with one primary server and about 20 secondary servers. In SEPM, I am importing all of the secondary servers and I will want to keep the same type of structure. I have the SEPM server ready to go. What I would like to do now is to make ALL 20 secondary servers "GUP" servers. What do I need to do to keep the structure as it was in SAV.  I want to pretty much replicate the Parent-Child, I know it is different now, but I know that GUP can facilitate this need.

Thank you

GUP will updates theconent to clients that connect to GUP .

You need to do anything, SEP client is GUP until configured so, you need to change the LU policy for the group and set it to get the updates from the configured GUP.

It's good idea to convert the secondary servers to GUP and many SEPM's is not good design. Clients need to ensure that they communicate with the GUP. GUP works on port 2967 ( con be configured to other port).

Also make sure that you have the client & the GUP have the same liveupdate policy..

Over her you design the group  structure this way

-- Stie A
      --  Server  (This group can have the GUP)  & one liveupdate policy to both client & server.
      -- Clients

-- Site B
    -- Server
    -- Clients

See if this existing posts helps.
https://www-secure.symantec.com/connect/forums/gup-difficulties-applying-liveupdate-policies-clients-and-servers-different-groups

It describes using "localhost" as the server name in your liveupdate policy.
Also look into using location awareness.

Hi BNS

The GUP will not serve the paret child  architecture that you are looking for. The GUP  will just update the content on the clients belonging in its group.The GUP will not faclitate the job that was done by the SS in SAV.

Even i would loke to know how many clients you have in your network?

Also the 20 SS that you have are they 20 diffrent sites ?

Also how many clients are reporting to the SS ?

I have About 20 sites, there is one Primary server, there are several secondary servers. I would say 1 for each site, the sites have about a minimum of 20 clients reporting to each secondary server. I want these sites to get their updates from the secondary (GUP) servers like it was done in SAV. I can not put the strain all on one SEPM server. I am VERY confused at how the GUP works or if it is in fact a better solution than to have kept the secondary server structure. I want the New York Clients getting its updates from the New York server, and I want the LA clients to be updated by the LA servers, and so on. They need to find the definitions and update as often as I schedule, but I want them to do so from a local resource. GUP is very confusing to me and I prefer to have the structure that was in place before. I know it is no longer available, but I would like to mimic it as much as possible. I want the GUP's to provide the live update for new definitons only and I want the SEPM to provide the policy, (Centralized exceptions, etc) throughout the domain.

All I want the GUP to do is to provide the live updates, the rest of the policy is to come from the highest level of our structure that resides on the SEPM server.
Thank you

Hi BNS , In this senario ,

In SEPM make 20 groups for each site and then assign  one computer as the GUP.
The cleints will take the policy from the main SEPM , but the content updates locally from the GUP specified.

Symantec Endpoint Protection 11.0 Group Update Provider (GUP)

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092720522748

Best practices for Group Update Provider (GUP)

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008081810593048

 

I am trying to migrate all of the secondary servers over now, but here is the problem. There are 20 of them and it takes a VERY long time to search, if one of them is NOT reachable the operation to migrate from SAV to SEP fails. I wanted to do this manually, but can not do it this way either. If I migrate ONE server into SEP from SAV, the hierarchy is created, but if I try to migrate another server into SEP from SAV, it will time out telling me the groups is already created and I am forced to leave it in SAV, I want to move each secondary server over one by one, but it does not seem to be an option to do it this way. It looks as if it is "all or nothing."

Yes you are right. In migration the entire structure is migrated.
Else what you can do. In SEPM create diffent groups for each of your sites and assign a package or create a pacakge for each group then you can push the package at your will,